Saryu Nayyar is an internationally recognized cybersecurity expert, writer, speaker and member of the Forbes Technology Council. She has more than 15 years of experience in the data security, identity and access management, IT risk and compliance, and security risk management sectors.
She was named one of EY's Entrepreneurial Winning Women in 2017. She has held leadership roles in security services and products strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney. Saryu also spent several years in senior positions in the technology security and risk management practice of Ernst & Young.
Gurucul is a cybersecurity company that focuses on behavior-based security and risk analytics. Its platform leverages machine learning, AI, and big data to detect insider threats, account compromise, and advanced attacks across hybrid environments. Gurucul is known for its Unified Security and Risk Analytics Platform, which integrates SIEM, UEBA (User and Entity Behavior Analytics), XDR, and identity analytics to offer real-time threat detection and response. The company serves enterprises, governments, and MSSPs, aiming to reduce false positives and speed up threat remediation through intelligent automation.
What inspired you to begin Gurucul in 2010, and what problem were you aiming to resolve within the cybersecurity landscape?
Gurucul was founded to assist Security Operations and Insider Risk Management teams obtain clarity into probably the most critical cyber risks impacting their business. Since 2010 we’ve taken a behavioral and predictive analytics approach, rather than rules-based, which has generated over 4,000+ machine learning models that put user and entity anomalies into context across a wide range of different attack and risk scenarios. We’ve built upon this as our foundation, moving from helping large Fortune 50 firms solve Insider Risk challenges, to helping firms gain radical clarity into ALL cyber risk. That is the promise of REVEAL, our unified and AI-Driven Data and Security Analytics platform. Now we’re constructing on our AI mission with a vision to deliver a Self-Driving Security Analytics platform, using Machine Learning as our foundation but now layering on Generative and Agentic AI capabilities across all the threat lifecycle. The goal is for analysts and engineers to spend less time within the myriad in complexity and more time focused on meaningful work. Allowing machines to amplify the definition of their day-to-day activities.
Having worked in leadership roles at Oracle, Sun Microsystems, and Ernst & Young, what key lessons did you bring from those experiences into founding Gurucul?
My leadership experience at Oracle, Sun Microsystems, and Ernst & Young strengthened my ability to resolve complex security challenges and provided me with an understanding of the challenges that Fortune 100 CEOs and CISOs face. Collectively, it allowed me to achieve a front-row seat to the technological and business challenges most security leaders face and inspired me to construct solutions to bridge those gaps.
How does Gurucul’s REVEAL platform differentiate itself from traditional SIEM (Security Information and Event Management) solutions?
Legacy SIEM solutions depend upon static, rule-based approaches that result in excessive false positives, increased costs, and delayed detection and response. Our REVEAL platform is fully cloud-native and AI-driven, utilizing advanced machine learning, behavioral analytics, and dynamic risk scoring to detect and reply to threats in real time. Unlike traditional platforms, REVEAL constantly adapts to evolving threats and integrates across on-premises, cloud, and hybrid environments for comprehensive security coverage. Recognized as the ‘Most Visionary’ SIEM solution in Gartner’s Magic Quadrant for 3 consecutive years, REVEAL redefines AI-driven SIEM with unmatched precision, speed, and visibility. Moreover, SIEMs struggle with an information overload problem. They’re too expensive to ingest all the pieces needed for complete visibility and even in the event that they do, it just adds to the false positive problem. Gurucul understands this problem and it’s why we’ve got a native and AI-driven Data Pipeline Management solution that filters non-critical data to low-cost storage, saving money, while retaining the power to run federated search across all data. Analytics systems are a “garbage in, garbage out” situation. If the info coming in is bloated, unnecessary or incomplete then the output is not going to be accurate, actionable or ultimately trusted.
Are you able to explain how machine learning and behavioral analytics are used to detect threats in real time?
Our platform leverages over 4,000 machine learning models to constantly analyze all relevant datasets and discover anomalies and suspicious behaviors in real time. Unlike legacy security systems that depend on static rules, REVEAL uncovers threats as they emerge. The platform also utilizes User and Entity Behavior Analytics (UEBA) to ascertain baselines of normal user and entity behavior, detecting deviations that would indicate insider threats, compromised accounts, or malicious activity. This behavior is further contextualized by an enormous data engine that correlates, enriches and links security, network, IT, IoT, cloud, identity, business application data and both internal and external sourced threat intelligence. This informs a dynamic risk scoring engine that assigns real-time risk scores that help prioritize responses to critical threats. Together, these capabilities provide a comprehensive, AI-driven approach to real-time threat detection and response that sets REVEAL apart from conventional security solutions.
How does Gurucul’s AI-driven approach help reduce false positives compared to traditional cybersecurity systems?
The REVEAL platform reduces false positives by leveraging AI-driven contextual evaluation, behavioral insights, and machine learning to differentiate legitimate user activity from actual threats. Unlike conventional solutions, REVEAL refines its detection capabilities over time, improving accuracy while minimizing noise. Its UEBA detects deviations from baseline activity with high accuracy, allowing security teams to give attention to legitimate security risks rather than being overwhelmed by false alarms. While Machine Learning is a foundational aspect, generative and agentic AI play a major role in further appending context in natural language to assist analysts understand exactly what is going on around an alert and even automate the response to said alerts.
What role does adversarial AI play in modern cybersecurity threats, and how does Gurucul combat these evolving risks?
First of all, we’re already seeing adversarial AI being applied to the bottom hanging fruit, the human vector and identity-based threats. For this reason behavioral and identity analytics are critical to being able to discover anomalous behaviors, put them into context and predict malicious behavior before it proliferates further. Moreover, adversarial AI is the nail in the coffin for signature-based detection methods. Adversaries are using AI to evade these TTP defined detection rules, but again they can’t evade the behavioral based detections in the identical way. SOC teams aren’t resourced adequately to proceed to jot down rules to maintain pace and would require a contemporary approach to threat detection, investigation and response. Behavior and context are the key ingredients. Finally, platforms like REVEAL depend upon a continuous feedback loop and we’re always applying AI to assist us refine our detection models, recommend latest models and inform latest threat intelligence our entire ecosystem of shoppers can profit from.
How does Gurucul’s risk-based scoring system improve security teams’ ability to prioritize threats?
Our platform’s dynamic risk scoring system assigns real-time risk scores to users, entities, and actions based on observed behaviors and contextual insights. This allows security teams to prioritize critical threats, reducing response times and optimizing resources. By quantifying risk on a 0–100 scale, REVEAL ensures that organizations give attention to probably the most pressing incidents rather than being overwhelmed by low-priority alerts. With a unified risk rating spanning all enterprise data sources, security teams gain greater visibility and control, resulting in faster, more informed decision-making.
In an age of accelerating data breaches, how can AI-driven security solutions help organizations prevent insider threats?
Insider threats are an especially difficult security risk resulting from their subtle nature and the access that employees possess. REVEAL’s UEBA detects deviations from established behavioral baselines, identifying dangerous activities resembling unauthorized data access, unusual login times, and privilege misuse. Dynamic risk scoring also constantly assesses behaviors in real time, assigning risk levels to prioritize probably the most pressing insider risks. These AI-driven capabilities enable security teams to proactively detect and mitigate insider threats before they escalate into breaches. Given the predictive nature of behavioral analytics, Insider Risk Management is a race against the clock. Insider Risk Management teams have to have the opportunity to reply and collaborate quickly, with privacy top-of-mind. Context again is critical here and appending behavioral deviations with context from identity systems, HR applications and all other relevant data sources gives these teams the ammunition to quickly construct and defend a case of evidence so the business can respond and remediate before data exfiltration occurs.
How does Gurucul’s identity analytics solution enhance security in comparison with traditional IAM (identity and access management) tools?
Traditional IAM solutions give attention to access control and authentication but lack the intelligence and visibility to detect compromised accounts or privilege abuse in real time. REVEAL goes beyond these limitations by leveraging AI-powered behavioral analytics to constantly assess user risk, dynamically adjust risk scores, and implement adaptive access entitlements, minimizing misuse and illegitimate privileges. By integrating with existing IAM frameworks and enforcing least-privilege access, our solution enhances identity security and reduces the attack surface. The issue with IAM governance is identity system sprawl and the dearth of interconnectedness between different identity systems. Gurucul gives teams a 360° view of their identity risks across all identity infrastructure. Now they will stop rubber stamping access but rather take a risk-oriented approach to access policies. Moreover, they will expedite the compliance aspect of IAM and exhibit a continuous monitoring and fully holistic approach to access controls across the organization.
What are the key cybersecurity threats you foresee in the following five years, and how can AI help mitigate them?
Identity-based threats will proceed to proliferate, because they’ve worked. Adversaries are going to double-down on gaining access by logging in either via compromising insiders or attacking identity infrastructure. Naturally insider threats will proceed to be a key risk vector for a lot of businesses, especially as shadow IT continues. Whether malicious or negligent, firms will increasingly need visibility into insider risk. Moreover, AI will speed up the variations of conventional TTPs, because adversaries know that’s how they are going to have the opportunity to evade detections by doing so and it is going to be low price for them to create adaptive tactics, techniques and protocols. Hence again why specializing in behavior in context and having detection systems able to adapting just as fast will likely be crucial for the foreseeable future.